Unable to add IPv6 IP address to firewall list

Recently I noticed some legitimate requests were being blocked by Cloudflare’s WAF.

So I copied our server’s IPv6 address straight from the WAF log page and pasted it into a new IP list.

However Cloudflare won’t let me add it to the list.

It says "X is not a valid value for ip because filters.api.IPv6 IP addresses are not supported. We suggest using a /64 CIDR instead (Code: 10038) "

The address is in the format:
xxxx:xxxx::xxxx:xxxx:xxxx:xxxx

I copied the address straight from the WAF page so I feel like it really should work and I shouldn’t have to play around with it trying to make it work.

Any advice is appreciated. Thanks.

Individual addresses are not supported in the context of address lists, you can only configure a whole /64 range. Alternatively you can configure that address for a firewall rule or an IP access rule.

Thanks for replying. When I attempt to add a /64 suffix I get this:

xxxx:xxxx::xxxx:xxxx/64 is not a valid value for ip because filters.api.CIDR has host bits set (Code: 10036)

That syntax does not seem to be a valid CIDR. Check that first before trying to add it.

It probably should rather be .....::/64.

The :: in the middle expands to a long string of 0s. The address expands to xxxx:xxxx:0000:0000:0000:0000:xxxx:xxxx, so the corresponding /64 would be xxxx:xxxx:0000:0000::/64 or xxxx:xxxx::/64.

Just to confirm: Lists can handle individual IPv4 addresses but not IPv6 ones?

I use a CF list to manage a list of IPs to block, and have been unable to add IPv6 items into it. Having to block a whole range of addresses instead of a single one seems strange.

Correct.

As mentioned earlier you can do that via individual rules.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.